The time a hacker remotely bricked cars in Texas
When all things are hackable, all things will be hacked
Even in the age of the Internet, buying a car can be an expensive, frustrating, and laborious process. It’s even worse if you are unemployed or have limited resources. Fortunately, Texas Auto Center in Austin caters to just these customers, promising a car for everyone, “no matter if you have good credit, bad credit, a bankruptcy, repossession, or no credit at all.” Of course when times are rough, people do get behind in their loan payments, and repossession rates at some dealerships run as high as 45 percent. Repossessing cars is never fun, either for those who are about to lose their primary means of transportation or for the dealers who have to send out a fleet of tow trucks in search of the car. These vehicles are often purposefully hidden by those who know they are facing repossession. When the repo man and his tow truck eventually come calling, tempers flare, and many repo men have been punched, kicked, spit upon, bitten, stabbed, and even shot to death trying to recover the dealer’s property. Surely there had to be a better approach, and Texas Auto Center thought it had found just the solution.
The dealership purchased a new technological tool from the Cleveland-based Pay Technologies that promised a far superior alternative to the confrontational repossessions of yesteryear. Pay Technologies’ product was known as the WebTeckPlus, a system that allowed car dealers to install “a small black box, about the size of a deck of cards, cleverly concealed underneath a vehicle’s dashboard.” The devices were controlled remotely via a central Web site that relayed signals over a wireless network to the cars’ black boxes. When activated, the signal allowed the dealership to “disable a car’s ignition system or trigger the horn to begin honking,” a nice, if not too subtle, way to remind owners their payment was overdue. Texas Auto Center began slowly installing the boxes in its entire fleet, and before long more than eleven hundred cars had the system in place. In charge of administering the new high-tech repo management system was Omar Ramos-Lopez, a young credit collector at the dealership with an affinity for technology.
All seemed to work well with the new system until February 2010, when suddenly a few of Texas Auto Center’s customers’ cars just stopped running and would not restart. They had no idea why. A check of company records indicated that the clients were all current with their payments. Throughout the day, the number of complaints began to increase, and by the fifth day more than a hundred owners had flooded the dealership with their irate grievances. What was going on?
Customers throughout Texas suddenly had their cars bricked, completely un-drivable and unable to start. Randomly, in the middle of the night horns began honking out of control around the city of Austin, and police were called with numerous noise complaints. When the cops arrived, they discovered the horns could not be shut off until physically disconnected from their car battery cables. Worse, these hundred customers found themselves without transportation, forced to miss work and desperately needed paychecks.
Though the incident was initially dismissed as a “systemic mechanical failure,” something much more nefarious was at play. An intruder illegally accessed Texas Auto Center’s Web-based remote vehicle immobilization system and one by one began turning off their customers’ cars throughout the city. Attempts by the dealership to turn the cars back on were stymied because the hacker had also altered the records in its database, changing vehicle identification numbers and replacing the names of legitimate customers with those of celebrities, such as the long-dead rapper Tupac Shakur and the pop star Jennifer Lopez.
Clearly something was amiss, and eventually suspicions fell upon twenty-year-old Omar Ramos-Lopez, who had been fired from the dealership in the days prior to the widespread vehicular paralysis for “not meeting company standards.” Law enforcement officials alleged Ramos-Lopez used his knowledge of his former employer’s system and the password of a former co-worker to exact revenge for his firing by disabling cars en masse throughout Austin. The police investigation showed that the former collection agent logged in to Pay Technologies’ servers in Ohio from the AT&T broadband network leading to his home. Ramos-Lopez was arrested and charged with felony breach of a computer system.
As for Texas Auto Center, it is far from unique in its decision to install remote repo-man technology in its vehicles; today there are more than two million cars with the technology. There are tens of millions of vehicles around the world that can be controlled one way or another online, with thousands more being added to the global information grid every day. With such black boxes installed in more and more automobiles, it is becoming increasingly clear that there may be more back doors in your car than you ever realized.
I’ve mentioned it online before, but here we go: Two years ago, my wife and I decided to leave our rented home behind and move into a 40-foot RV. We spend our spring and summer in Alberta, Canada where she has a job for six months of the year working as an addictions counselor. The […]
Androkavo tests some of the cheap eBay solder against the brand-name stuff; it gets there in the end, but it’s surely not the advertized 60/40 alloy and needs to be close to 400° before it behaves itself.
MIT Tech Review's Antonio Regalado rounds up the year's stupidest, worst moments in tech, from the guy who created his own CRISPR-based gene therapy to beef up his muscles and injected it to Donald Trump's Twitter feed to the FCC's Net Neutrality catastrophe. Of course, Juicero rates a mention.
Creative designers play a pivotal role in engaging target audiences and customers, and while companies are eager to bring more of these professionals on board, you’ll have a hard time getting your foot in the door if you’re not using the industry’s best tools. From Adobe to Maya, the eduCBA Design & Multimedia Lifetime Subscription Bundle […]
As more companies aim to reel in costs and boost productivity, project managers are becoming an essential part of many operations, and they’re paid handsomely for their expertise. But, while demand is high, you’ll have a hard time getting your foot in the door if you’re not toting the right certifications. The Official Lean Six Sigma […]
Learning how to play the guitar is no easy feat, and plenty of aspiring rock stars wash out due to either lost interest or simply lousy teaching. The Jamstik+ aims to remedy both of these issues with a 21st-century approach. This smart guitar teaches you about chords, scales, and the like via an app on […]